In the first half of July 2023, I collected 161 events (corresponding to 10.73 events per day), a number that, despite being significantly lower than the two timelines of June (part I and part II), with 12.27 and 12 events per day respectively, confirms the sustained trend of mid-2023, fueled by the exploitation at scale of the CVE-2023-34362 MOVEit vulnerability by the Clop (AKA Cl0p) ransomware group.
Consequently, attacks exploiting vulnerabilities remained at the top of the attack techniques, with a new record of 36% (58 out of 161 events), beating the previous value of 29.8% (53 out of 178 events) recorded during the second half of June. The other obvious consequence was the increase in the percentage of events directly or indirectly characterized by ransomware, which soared to 44.72% (72 out of 161 events), up from 40.3% (72 out of 178 events) in the previous timeline, and again a new record.
The fintech sector was under considerable pressure during the first half of July, with multiple massive hacks (translating into substantial dollar losses) hitting several organizations, some of which were hit twice during this fortnight, such as Multichain (which lost a total of 228 million dollars' worth, although it is not clear whether the incidents were real cyber attacks or a rug pull) or Rodeo Finance, which lost the equivalent of “only” 1.5 million dollars. Another fintech company hit hard was Poly Network, which lost the equivalent of 4.4 million dollars, and at the same time the Financial Times revealed that in early 2022 threat actors exploited a zero-day flaw in Revolut to steal more than $20 million.
In terms of mega breaches, the personal information of nearly 35 million Indonesian passport holders was put up for sale on the dark web for $10,000 by a notorious hacktivist with the moniker of Bjorka, while HCA Healthcare disclosed a data breach impacting an estimated 11 million patients.
The Cyber Espionage front was quite crowded this fortnight, with multiple high-profile campaigns unearthed, carried out by known threat actors such as Gamaredon and GhostWriter against organizations in Ukraine. Other interesting events, just to mention a few, include a campaign dubbed SmugX carried out by a Chinese threat actor and targeting embassies and foreign affairs ministries in multiple countries, the supply chain attack against JumpCloud by the North Korean Lazarus Group, the attack launched by RomCom against the NATO Summit attendees, the campaign launched by the Iranian Charming Kitten against experts in Middle Eastern affairs and nuclear security, and the widespread attack orchestrated by a Chinese group dubbed Storm-0558 against 25 organizations worldwide, including U.S. and Western European government agencies, using forged authentication tokens.
In terms of hacktivism: the Cyber Partisans attacked the largest university in Belarus (Belarusian State University – BSU), the Ukrainian IT Army took down the Russian state-owned railway company RZD, SiegedSec continued their campaign against the U.S. and KromSec leaked the personal information belonging to more than 1,100 employees of the French Ministry of Justice.
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/07/2023
Since January 2023
Since January 2023
13 individuals in Singapore
Banking users in Singapore
Singapore authorities arrest 13 individuals suspected of involvement in banking-related malware scams.
Malware
Finance and insurance
Cyber Crime
SG
Singapore
2
01/07/2023
-
28/06/2023
ALPHV AKA BlackCat
Coachella Valley Collection Service
The ALPHV AKA BlackCat ransomware gang claims to have acquired 575 GB of data from Coachella Valley Collection Service, a service that provides debt collection services.
Malware
Finance and insurance
Cyber Crime
US
ALPHV, BlackCat, ransomware, Coachella Valley Collection Service
3
01/07/2023
-
27/06/2023
ALPHV AKA BlackCat
Kansas Joint & Spine Specialists
The ALPHV AKA BlackCat ransomware gang claims to have acquired 467 GB of data from Kansas Joint & Spine Specialists.
Hacktivists from SiegedSec claim to have hacked various satellite receivers and industrial control systems, allowing them to control multiple companies including Halliburton, Shell, Helix Energy and Oceaneering.
A new sLoad campaign, carried out via the national certified email (PEC) hits multiple organizations in Italy.
Malware
Multiple Industries
Cyber Crime
IT
sLoad, PEC, certified email
6
02/07/2023
02/07/2023
02/07/2023
?
Poly Network
Crypto platform Poly Network suspends service after a hacker steals 4.4 million dollars in digital assets using compromised keys.
Compromised Keys
Fintech
Cyber Crime
CN
Poly Network
7
02/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
AON
AON confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability. Dublin Airport is among the impacted customers.
The hacker group KromSec leaks the personal information belonging to more than 1,100 employees of the Ministry of Justice.
Vulnerability
Public admin and defence, social security
Hacktivism
FR
KromSec, French Ministry of Justice
9
03/07/2023
Since December 2022
During May 2023
Chinese threat actor overlapping with Mustang Panda and RedDelta
Embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia
Researchers from Check Point discover a campaign named SmugX, attributed to a Chinese threat actor overlapping with Mustang Panda and RedDelta, and targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
CZ
HU
FR
GB
SE
SK
UA
Check Point, SmugX, Mustang Panda, RedDelta
10
03/07/2023
-
03/07/2023
Cyber Partisans
Belarusian State University (BSU)
The Belarusian hacker group known as the Cyber Partisans claims to have attacked the country’s largest state-owned university Belarusian State University (BSU), accessing 3 terabytes of data from the university's system, and also encrypting and wiping some servers.
Unknown
Education
Hacktivism
BY
Cyber Partisans, Belarusian State University, BSU
11
03/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
University of Illinois
The University of Illinois confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, University of Illinois, MOVEit, CVE-2023-34362, ransomware
12
03/07/2023
From June 2021 to April 2023.
-
Neo_Net
Clients of prominent banks globally
Researchers from vx-underground and SentinelOne discover a Mexican threat actor dubbed Neo_Net, conducting an eCrime campaign targeting clients of prominent banks globally, with a focus on Spanish and Chilean banks.
Malware
Finance and insurance
Cyber Crime
>1
vx-underground, SentinelOne, Neo_Net
13
03/07/2023
'Recently'
'Recently'
Crysis
Multiple organizations
Researchers from AhnLab discover a new campaign by the Crysis ransomware’s threat actor, using the Venus ransomware in the attacks, and launching the attacks through RDP.
Malware
Multiple Industries
Cyber Crime
>1
AhnLab, Crysis, Venus, ransomware, RDP
14
03/07/2023
-
03/07/2023
Rhysida
BM GROUP POLYTEC
The Rhysida ransomware group adds BM GROUP POLYTEC to their victim list and claims to have kept the data for auction in their dark web portal.
Malware
Professional, scientific and technical
Cyber Crime
IT
Rhysida, ransomware, BM GROUP POLYTEC
15
03/07/2023
-
-
LockBit 3.0
Blowtherm
The LockBit ransomware gang claims to have hacked Blowtherm, a manufacturer of paint booths and finishing equipment for the automotive sector.
Malware
Manufacturing
Cyber Crime
IT
LockBit, LockBit 3.0, ransomware, Blowtherm
16
04/07/2023
Early July 2023
Early July 2023
BrettJS
Runner.it
Runner.it, an Italian distributor of IT technologies, has its database dumped online.
SQLi
Wholesale and retail
Cyber Crime
IT
BrettJS, Runner.it
17
04/07/2023
-
-
?
Acque Veronesi
Acque Veronesi, a local water utility in Italy, discloses that it suffered a cyber attack.
Unknown
Water supply, waste mgmt, remediation
Cyber Crime
IT
Acque Veronesi
18
05/07/2023
04/07/2023
04/07/2023
?
Port of Nagoya
The Port of Nagoya, the largest and busiest port in Japan, is targeted in a ransomware attack that impacts the operation of container terminals.
Malware
Transportation and storage
Cyber Crime
JP
Nagoya, Ransomware
19
05/07/2023
05/07/2023
05/07/2023
Ukrainian IT Army
RZD
The Russian state-owned railway company RZD is taken down by a DDoS attack from the hacktivists of the Ukrainian IT Army.
DDoS
Transportation and storage
Hacktivism
RU
Ukraine, Russia, RZD, Ukrainian IT Army
20
05/07/2023
11/04/2023
19/05/2023
Clop AKA Lace Tempest, TA505 and FIN11
National Institutes of Health Federal Credit Union
The National Institutes of Health Federal Credit Union confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, National Institutes of Health Federal Credit Union, MOVEit, CVE-2023-34362, ransomware
21
05/07/2023
Since at least end of May 2023
During June 2023
TeamTNT
Multiple organizations
Researchers from Aqua Security and SentinelOne discover a new campaign, still in its early stages, linked to TeamTNT, a threat group known for targeting cloud and container environments to deploy cryptocurrency miners.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Aqua Security, TeamTNT, Silentbob
22
05/07/2023
During the Spring 2023
During the Spring 2023
?
Cryptocurrency owners
Researchers from Kaspersky discover a new malicious campaign relying on email attacks targeting the most popular forms of cryptocurrency storage: hot and cold wallets.
Account Takeover
Fintech
Cyber Crime
>1
Kaspersky, Crypto
23
05/07/2023
-
-
?
Individuals in the U.S.
Researchers from Malwarebytes discover a malvertising campaign impersonating the United States Post Office (USPS) to divert victims to a phishing site to steal payment-card and banking credentials.
Account Takeover
Individual
Cyber Crime
US
Malwarebytes, United States Post Office, USPS
24
05/07/2023
31/03/2023
31/03/2023
?
Phoenician Medical Center
Phoenician Medical Center and its affiliates, Phoenix Neurological & Pain Institute and Laser Surgery Center (PMC), file a notice of data breach after discovering that an unauthorized party accessed—and potentially stole—patient data.
Unknown
Human health and social work
Cyber Crime
US
Phoenician Medical Center, Phoenix Neurological & Pain Institute and Laser Surgery Center, PMC
25
05/07/2023
Since early June 2023
Early June 2023
WISE REMOTE Stealer
Multiple Organizations
Researchers from CYFIRMA discover an advanced information stealer, known as “WISE REMOTE Stealer,” that functions as both a stealer and a Remote Access Trojan (RAT).
Malware
Multiple Industries
Cyber Crime
>1
CYFIRMA, WISE REMOTE Stealer
26
05/07/2023
-
-
Bjorka
Unknown organizations in Indonesia
The personal information of nearly 35 million Indonesian passport holders is up for sale on the dark web for $10,000 by notorious hacktivist Bjorka.
Unknown
Unknown
Hacktivism
ID
Bjorka, Indonesia
27
05/07/2023
01/07/2023
01/07/2023
?
Luigi Vanvitelli University Hospital
The Luigi Vanvitelli University Hospital is hit with a ransomware attack.
Malware
Human health and social work
Cyber Crime
IT
Luigi Vanvitelli University Hospital, ransomware
28
05/07/2023
26/06/2023
03/07/2023
8Base
ClearMedi Health
The ransomware group 8Base lists ClearMedi Health on their leak site.
Malware
Human health and social work
Cyber Crime
GB
8Base, ClearMedi Health, ransomware
29
05/07/2023
05/07/2023
05/07/2023
?
Rodeo Finance
Rodeo Finance suffers a loss of $50,000 from the platform.
Unknown
Fintech
Cyber Crime
N/A
Rodeo Finance
30
05/07/2023
05/07/2023
05/07/2023
Russian hacktivists
Facebook page of the State Statistics Service of Ukraine
The Facebook page of the State Statistics Service of Ukraine runs a disinformation campaign for a short time after Russian hacktivists gain administrator access to the page.
Account Takeover
Public admin and defence, social security
Cyber Warfare
UA
Facebook, State Statistics Service of Ukraine, Ukraine, Russia
31
06/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Cambridgeshire County Council
The Cambridgeshire County Council confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability.
JumpCloud, a US-based enterprise software firm, notifies several customers of an "ongoing incident" and, as a precaution, invalidates existing admin API keys to protect its customer organizations. A few days later, the breach is traced back to North Korean state-sponsored actors from Lazarus Group.
Targeted Attack
Professional, scientific and technical
Cyber Espionage
US
JumpCloud, Lazarus Group
34
06/07/2023
During January 2023
End of June 2023
?
Nickelodeon
Nickelodeon, a Paramount-owned American pay TV channel, confirms that 500 GB of data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Nickelodeon, Paramount
35
06/07/2023
-
-
Truebot
Organizations across the United States and Canada
CISA and the FBI warn of new Truebot malware variants deployed on networks compromised using CVE-2022-31199, an RCE vulnerability in the Netwrix Auditor software, in attacks targeting organizations across the United States and Canada.
Researchers from Pradeo discover two malicious file management applications on Google Play, with a collective installation count of over 1.5 million, that collected excessive user data and sent it to servers in China.
Malware
Individual
Cyber Crime
>1
Pradeo, Google Play, Android, China
37
06/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Proskauer Rose
The law firm Proskauer Rose is listed by the Cl0p gang among the victims of a data breach carried out by exploiting the MOVEit vulnerability.
The Law Foundation of Silicon Valley, a California law firm that provides free services to those in need, discloses that it was hit by a ransomware attack compromising the data of 42,000 individuals.
Malware
Professional, scientific and technical
Cyber Crime
US
Law Foundation of Silicon Valley, ransomware
39
06/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
First Merchants Bank (FMB)
First Merchants Bank (FMB) confirms it was affected by the MOVEit data breach.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, First Merchants Bank, FMB, CVE-2023-34362, Ransomware
40
06/07/2023
between 11/05/2023 and 13/06/2023
between 11/05/2023 and 13/06/2023
?
Multiple organizations
Researchers from ReversingLabs discover Operation Brainleeches, more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns targeting Microsoft 365 users.
Malware
Multiple Industries
Cyber Crime
>1
ReversingLabs, Operation Brainleeches, npm, Microsoft 365
41
06/07/2023
-
-
?
Facebook users in GB
Martin Lewis, a leading UK TV personality, discovers a deepfake likeness of himself promoting an investment scam published on Facebook.
Deepfake
Individual
Cyber Crime
GB
Martin Lewis, deepfake, Facebook
42
06/07/2023
08/05/2023
08/05/2023
?
Public Health Management Corporation (PHMC)
Public Health Management Corporation (PHMC) files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer information stored on the organization’s computer network.
Malware
Human health and social work
Cyber Crime
US
Public Health Management Corporation, PHMC
43
06/07/2023
-
-
BlackByte
Undisclosed Organization
Researchers from Microsoft reveal the details of a BlackByte ransomware campaign taking 5 days from the initial intrusion to the encryption of the data.
Malware
Unknown
Cyber Crime
N/A
Microsoft, BlackByte, Ransomware
44
06/07/2023
-
-
?
Multiple organizations
Researchers from Vade discover a new phishing campaign spoofing the Microsoft 365 authentication system.
Account Takeover
Multiple Industries
Cyber Crime
>1
Vade, Microsoft 365
45
06/07/2023
20/05/2023
26/05/2023
?
edgeMED Healthcare
edgeMED Healthcare files a notice of data breach after discovering that confidential patient information was compromised in a recent cybersecurity incident.
Unknown
Professional, scientific and technical
Cyber Crime
US
edgeMED Healthcare
46
06/07/2023
-
-
Underground Team
Multiple organizations
Researchers from Cyble discover a new strain of ransomware, dubbed “Underground Team”, that not only encrypts files but also lists victims’ host information in the ransom note.
Malware
Multiple Industries
Cyber Crime
>1
Cyble, ransomware, Underground Team
47
07/07/2023
06/07/2023
06/07/2023
?
Multichain
The crypto platform Multichain suspends its services as it investigates claims that more than $125 million in cryptocurrency was stolen.
Unknown
Fintech
Cyber Crime
SG
Multichain
48
07/07/2023
07/07/2023
07/07/2023
?
Crypto users on Twitter
After the Multichain hack, Twitter users start to receive fraudulent links.
Account Takeover
Fintech
Cyber Crime
>1
Multichain, Twitter
49
07/07/2023
-
01/06/2023
?
bioMérieux
bioMérieux files a notice of data breach after discovering that the MOVEit file transfer software used by Vitality Group contained a vulnerability allowing hackers to access confidential consumer information that had been provided to bioMérieux.
Plains Capital Bank confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Plains Capital Bank, MOVEit, CVE-2023-34362, ransomware
67
07/07/2023
Since end of May 2023
Mid-June 2023
Big Head
Multiple organizations
Researchers from Trend Micro reveal the details of Big Head, a new ransomware variant spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, Big Head, ransomware, malvertising, Windows updates, Microsoft Word
68
07/07/2023
Since May 2023
Since May 2023
TOITOIN
Organizations in Latin America
Researchers from Zscaler discover a new Windows-based banking trojan called TOITOIN targeting organizations in Latin America.
Malware
Finance and insurance
Cyber Crime
>1
Zscaler, TOITOIN
69
07/07/2023
30/06/2023
30/06/2023
?
Trinidad and Tobago Office of the Attorney General and Ministry of Legal Affairs (AGLA)
The Trinidad and Tobago Office of the Attorney General and Ministry of Legal Affairs (AGLA) is hit with a cyberattack impacting the ministry’s operations.
Unknown
Public admin and defence, social security
Cyber Crime
TT
Trinidad and Tobago, Office of the Attorney General and Ministry of Legal Affairs, AGLA
70
07/07/2023
-
-
?
University of the West of Scotland (UWS)
The University of the West of Scotland (UWS) confirms it is experiencing an “ongoing cyber incident.”
Unknown
Education
Cyber Crime
GB
University of the West of Scotland, UWS
71
07/07/2023
-
-
?
individuals from South Korea
Researchers from ThreatFabric discover Letscall, a new sophisticated Vishing toolset targeting users in South Korea.
Account Takeover
Finance and insurance
Cyber Crime
KR
ThreatFabric, Letscall, Vishing
72
07/07/2023
Between 04/05/2023 and 07/05/2023
Before 11/05/2023
?
Precision Anesthesia Billing
Precision Anesthesia Billing files a notice of data breach after discovering that an unauthorized party was able to access confidential patient information provided to the company.
Unknown
Administration and support service
Cyber Crime
US
Precision Anesthesia Billing
73
07/07/2023
07/07/2023
07/07/2023
?
Jackson Township
Jackson Township is hit by an unspecified computer network “incident” that affects the function of multiple systems.
Unknown
Public admin and defence, social security
Cyber Crime
US
Jackson Township
74
07/07/2023
-
-
Play
Lawer
The Play ransomware gang lists Lawer, a manufacturer of systems for the textile industry, in their leak site.
Malware
Manufacturing
Cyber Crime
IT
Play, ransomware, Lawer
75
08/07/2023
22/06/2023
04/07/2023
RomCom
NATO Summit attendees
Researchers from BlackBerry discover two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting NATO Summit guests who may also be providing support to Ukraine. A few days later, Microsoft reveals that the attackers exploited the zero-day vulnerability CVE-2023-36884.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
>1
RomCom, NATO Summit, BlackBerry, Hungary, Ukraine, Microsoft, CVE-2023-36884
76
08/07/2023
08/07/2023
08/07/2023
?
Ventia
The Australian infrastructure services provider Ventia reveals it is dealing with a cyberattack that began this weekend.
Unknown
Administration and support service
Cyber Crime
AU
Ventia
77
08/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Employee Retirement System of Rhode Island (ERSRI)
The Employee Retirement System of Rhode Island (ERSRI) posts a “PBI Data Breach” notice on its website, describing an incident that resulted in confidential information of current and former account holders being compromised.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Employee Retirement System of Rhode Island, ERSRI, PBI, CVE-2023-34362, Ransomware
78
09/07/2023
During January 2023
Mid-May 2023
Charming Kitten (AKA APT35, TA453, Mint Sandstorm, Yellow Garuda)
Experts in Middle Eastern affairs and nuclear security
Researchers from Proofpoint discover a new campaign by the Iranian Charming Kitten APT group, using a new NokNok malware that targets macOS systems, against experts in Middle Eastern affairs and nuclear security.
The Financial Times reveals that in early 2022, threat actors exploited a zero-day flaw in Revolut payment systems to steal more than $20 million.
Vulnerability
Fintech
Cyber Crime
GB
Revolut, Financial Times
80
09/07/2023
-
-
D#nut Leaks
Peroni Pompe
The D#nut Leaks ransomware gang claims responsibility for a cyber attack against Peroni Pompe, a manufacturer of oscillating process pumps.
Malware
Manufacturing
Cyber Crime
IT
D#nut Leaks, ransomware, Peroni Pompe
81
10/07/2023
-
08/07/2023
Nationalist
Razer
Gaming gear company Razer investigates recent rumors of a massive data breach after someone with the moniker 'Nationalist' posts on a forum that they have stolen the source code, database, encryption keys, and backend access logins. Razer lets users know that it has started an investigation into the matter and resets all member accounts.
Unknown
Manufacturing
Cyber Crime
SG
US
Razer, Nationalist
82
10/07/2023
-
-
?
Undisclosed organization(s)
Apple issues a new round of Rapid Security Response (RSR) updates to address CVE-2023-37450, a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.
The City of Hayward, California is forced to shut off its website and several online municipal portals in response to a cyberattack.
Unknown
Public admin and defence, social security
Cyber Crime
US
City of Hayward
84
10/07/2023
08/07/2023
-
?
Kent County
Delaware’s Kent County suffers a cyberattack affecting municipal services for days.
Unknown
Public admin and defence, social security
Cyber Crime
US
Delaware, Kent County
85
10/07/2023
-
30/06/2023
ALPHV AKA BlackCat
Barts Health NHS Trust
Barts Health NHS Trust confirms it’s investigating a ransomware incident by the BlackCat/ALPHV ransomware gang.
Malware
Human health and social work
Cyber Crime
GB
ALPHV, BlackCat, Barts Health NHS Trust, ransomware
86
10/07/2023
Early July 2023
Early July 2023
?
PKO Bank Polski customers
Researchers from Riffsec reveal that threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information.
Malware
Finance and insurance
Cyber Crime
PL
Riffsec, Android, WebAPK, PKO Bank Polski
87
10/07/2023
Since July 2023
-
China News Service
Individuals in various countries in Latin America
Researchers from Nisos identify a network of pro-Beijing Twitter accounts likely engaged in a state-backed information operation targeting audiences in various countries in Latin America, including Paraguay, Costa Rica, Chile, and Brazil. Some of the accounts promote strategic Chinese state media-linked news content in both Spanish and Portuguese.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
>1
China News Service, Nisos, China, Twitter, Latin America, Paraguay, Costa Rica, Chile, Brazil
88
10/07/2023
10/07/2023
10/07/2023
Collective of religiously and politically motivated hackers
Archive of Our Own (AO3)
The popular fanfiction platform Archive of Our Own (AO3) is hit with a wave of DDoS attacks.
DDoS
Arts entertainment, recreation
Cyber Warfare
US
Archive of Our Own, AO3
89
10/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Alight Solutions
Accelya Global (Accelya) files a notice of data breach after discovering that Alight Solutions (“Alight”), one of Accelya’s vendors, experienced a data security incident related to the company’s use of the file transfer software MOVEit.
Rockland Trust Company (Rockland Trust Bank) files a notice of a data security incident after discovering that one of the company’s vendors experienced a data breach related to the vendor’s use of the MOVEit file transfer software.
The Malta Film Commission’s Facebook page is hacked and the profile picture is replaced with a photo of a blonde woman in a car.
Account Takeover
Arts entertainment, recreation
Cyber Crime
MT
Malta Film Commission, Facebook
92
10/07/2023
-
-
?
Banking users in Spain
Spanish law enforcement authorities take down a cybercriminal ring that deployed a range of hacking techniques to target banking customers. The group operators extorted 100,000 euros and offered crime as a service to other criminals.
Account Takeover
Finance and insurance
Cyber Crime
ES
Bank, Spain
93
11/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
University of Colorado
The University of Colorado confirms it was affected by the MOVEit data breach.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, University of Colorado, CVE-2023-34362, Ransomware
94
11/07/2023
-
05/07/2023
?
HCA Healthcare
HCA Healthcare discloses a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor leaked samples of the stolen data on a hacking forum.
Unknown
Human health and social work
Cyber Crime
US
HCA Healthcare
95
11/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Majorel?
Deutsche Bank AG confirms that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack. Other impacted banks include Commerzbank, Postbank, Comdirect, and ING.
CVE-2023-34362 Vulnerability
Professional, scientific and technical
Cyber Crime
DE
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Deutsche Bank, Commerzbank, Postbank, Comdirect, ING, CVE-2023-34362, Ransomware, Majorel
96
11/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Choice Hotel
Choice Hotel confirms it suffered a data breach carried out by exploiting the MOVEit CVE-2023-34362 vulnerability. The breach also affected other companies of the group, including Radisson Hotels.
UofL Health, an academic health system, confirms that it had been targeted by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability, after being listed on Clop’s dark web leak site.
Researchers from Cisco Talos observe threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015, using two open-source tools, 'HookSignTool' and 'FuckCertVerify.' The first tool is used in a campaign using an undocumented malicious driver named “RedDriver” to target native Chinese speakers.
Researchers from Trend Micro discover a campaign carried out by a Chinese threat actor targeting the gaming sector in China and using signed Microsoft drivers.
Malware
Arts entertainment, recreation
Cyber Crime
CN
Trend Micro, China, Microsoft, Signed Driver
104
11/07/2023
-
-
Multiple threat actors
Undisclosed organization(s)
Microsoft discloses CVE-2023-36884, an unpatched zero-day vulnerability in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
CVE-2023-36884 Vulnerability
Unknown
N/A
N/A
Microsoft, CVE-2023-36884, Windows, Office
105
11/07/2023
15/05/2023
16/06/2023
Storm-0558
25 organizations worldwide, including U.S. and Western European government agencies
Researchers from Microsoft reveal that a Chinese hacking group dubbed Storm-0558 has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, such as the U.S. State and Commerce Departments, forging authentication tokens.
Account Takeover
Public admin and defence, social security
Cyber Espionage
>1
Microsoft, China, Storm-0558, U.S. State and Commerce Departments
106
11/07/2023
'Recently'
'Recently'
PyLoose
Multiple Organizations
Researchers from Wiz discover a new fileless malware named PyLoose targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining.
Malware
Multiple Industries
Cyber Crime
>1
Wiz, PyLoose
107
11/07/2023
In the first half of 2023
In the first half of 2023
TEMP.HEX
Multiple organizations in the United States, France, the UK, Italy, Poland, Austria, Australia, Switzerland, China, Japan, Ukraine, Singapore, Indonesia, and the Philippines
Researchers from Mandiant reveal the details of Sogu, a malware distributed through USB by a Chinese threat actor dubbed TEMP.HEX and targeting multiple organizations worldwide.
Malware
Multiple Industries
Cyber Espionage
AU
AT
CH
CN
FR
GB
ID
IT
JP
PH
PL
SG
UA
US
Mandiant, Sogu, USB, China, TEMP.HEX
108
11/07/2023
In the first half of 2023
In the first half of 2023
UNC4698
Oil and gas firms in Asia
Researchers from Mandiant reveal the details of Snowydrive, a malware distributed through USB by a threat actor dubbed UNC4698 and targeting oil and gas firms in Asia.
Malware
Multiple Industries
Cyber Espionage
>1
Mandiant, Snowydrive, USB, UNC4698, Asia
109
11/07/2023
-
-
?
Undisclosed organization(s)
The Cybersecurity and Infrastructure Security Agency (CISA) warns of four Microsoft vulnerabilities, CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, CVE-2023-36874, currently exploited in the wild.
Northern Wisconsin’s Langlade County is hit with a LockBit 3.0 ransomware attack.
Malware
Public admin and defence, social security
Cyber Crime
US
Northern Wisconsin, Langlade County, LockBit, LockBit 3.0, Ransomware
111
11/07/2023
-
-
Scarleteel
Multiple organizations
Researchers from Sysdig observe the financially motivated threat actor Scarleteel infiltrating Amazon Web Services (AWS) to steal credentials and intellectual property, plant crypto mining software, perform distributed denial-of-service (DDoS) attacks, and more.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Sysdig, Scarleteel, Amazon Web Services, AWS
112
11/07/2023
'Recently'
'Recently'
?
Fans of rogue PUBG games
Researchers from Cyble discover a GitHub page that masquerades as a PUBG bypass hack project but distributes the information stealer called “Legion Stealer”.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Cyble, GitHub, PUBG, Legion Stealer
113
11/07/2023
During March 2023
During March 2023
?
Multiple organizations
Researchers from Palo Alto discover six malicious packages on the Python Package Index (PyPI) package manager intended to steal Windows users’ application credentials, personal data and tracking information for their crypto wallets.
Malware
Multiple Industries
Cyber Crime
>1
Palo Alto Networks, Python Package Index, PyP
114
11/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Washington State University (WSU)
Washington State University (WSU) posts a notice on its website explaining that a third-party data breach leaked personally identifiable information belonging to current and prospective students as well as employees. The incident involved two service providers, National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA).
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Washington State University, WSU, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware, National Student Clearinghouse, NSC, Teachers Insurance and Annuity Association, TIAA
115
11/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Hamilton College
Hamilton College confirms that it suffered a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability.
Researchers from Bitdefender warn of phishing campaigns themed around Amazon Prime Day.
Account Takeover
Individual
Cyber Crime
US
Bitdefender, Amazon Prime
117
11/07/2023
-
-
LockBit 3.0
Panorama Eyecare
Panorama Eyecare is added to LockBit’s leak site with a claim that 798 GB of data has been exfiltrated from four of the firm’s clients: Eye Center of Northern Colorado, Denver Eye Surgeons, Cheyenne Eye Clinic & Surgery Center, and 2020 Vision Center.
Malware
Administration and support service
Cyber Crime
US
Panorama Eyecare, LockBit, LockBit 3.0, ransomware, Eye Center of Northern Colorado, Denver Eye Surgeons, Cheyenne Eye Clinic & Surgery Center, 2020 Vision Center
118
11/07/2023
18/06/2023
11/07/2023
8Base
Kansas Medical Center
The 8Base ransomware gang claims to have attacked Kansas Medical Center and threatens to publish the data as a leak on July 15.
Malware
Human health and social work
Cyber Crime
US
8Base, ransomware, Kansas Medical Center
119
11/07/2023
11/07/2023
11/07/2023
?
Multichain
Multichain suffers an additional $103 million loss of crypto assets, although it is not clear whether the loss is the result of a cyber attack or a rug pull.
Unknown
Fintech
Cyber Crime
SG
Multichain
120
11/07/2023
11/07/2023
11/07/2023
?
Rodeo Finance
An attacker steals $1.53 million from Arbitrum-based Rodeo Finance, marking the second cyberattack against the decentralized finance protocol this month.
Unknown
Fintech
Cyber Crime
N/A
Rodeo Finance, Arbitrum
121
12/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Colorado State University
Colorado State University confirms that it suffered a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability.
Sovos Compliance files a notice of data breach after discovering that MOVEit, the file transfer software used by Sovos, contained a critical vulnerability allowing an unauthorized party to download confidential consumer data provided to Sovos.
The Accreditation Commission for Education in Nursing (ACEN) files a notice of data breach after learning that its managed file transfer server was compromised, resulting in an unauthorized party being able to access consumers’ sensitive information, including their names and Social Security numbers.
Vulnerability
Education
Cyber Crime
US
Accreditation Commission for Education in Nursing
124
12/07/2023
'Recently'
'Recently'
?
Security Professionals
Researchers from Uptycs discover a fake proof-of-concept (PoC) for the CVE-2023-35829 vulnerability, hosted on GitHub, concealing a backdoor.
Researchers from Palo Alto Networks discover a new campaign by the Russian threat actor APT29 targeting 22 foreign embassies in Ukraine, using a BMW car advertisement.
Researchers from Black Lotus Labs discover a Linux malware called AVrecon used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
Malware
Multiple Industries
Cyber Crime
>1
Black Lotus Labs, Linux, AVrecon, Small Office/Home Office
127
12/07/2023
-
05/07/2023
BlackSuit
ZooTampa
ZooTampa, the Tampa Bay Zoo, confirms that it was hit by a BlackSuit (a Royal spinoff) ransomware attack.
Malware
Arts entertainment, recreation
Cyber Crime
US
ZooTampa, Tampa Bay, BlackSuit, Royal, Ransomware
128
12/07/2023
-
-
Unnamed Advanced Persistent Threat (APT)
Undisclosed organization(s)
The Cybersecurity and Infrastructure Security Agency (CISA) warns of CVE-2023-3595, a vulnerability affecting industrial technology from Rockwell Automation that is being exploited by government hackers.
CVE-2023-3595 Vulnerability
Unknown
Cyber Espionage
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-3595, Rockwell Automation
129
12/07/2023
11/07/2023
11/07/2023
?
Town of Cornelius
The Town of Cornelius, North Carolina, is dealing with delayed or unavailable services after a ransomware attack.
Malware
Public admin and defence, social security
Cyber Crime
US
Cornelius, Ransomware
130
12/07/2023
Since at least May 2023
During May 2023
LokiBot
Multiple organizations
Researchers from Fortinet discover a new LokiBot campaign exploiting the known Microsoft vulnerabilities CVE-2021-40444 and CVE-2022-30190.
Konen & Associates, doing business as Unified Pain Management
Konen & Associates, doing business as Unified Pain Management, notifies of an email account breach involving at least 500 records.
Account Takeover
Human health and social work
Cyber Crime
US
Konen & Associates, Unified Pain Management
136
13/07/2023
-
-
?
Undisclosed organization(s)
Zimbra urges admins to manually fix a zero-day vulnerability actively exploited to target and compromise Zimbra Collaboration Suite (ZCS) email servers.
Targeted Attack
Unknown
N/A
N/A
Zimbra, Zimbra Collaboration Suite, ZCS
137
13/07/2023
Since February 2022
Since February 2022
Gamaredon, aka Armageddon, UAC-0010, and Shuckworm
Organizations in Ukraine
Ukraine's Computer Emergency Response Team (CERT-UA) warns that the Gamaredon hacking group operates in rapid attacks, stealing data from breached systems in under an hour.
Sun Life Assurance Company of Canada (Sun Life) posts a notice on its website revealing that it was hit by the CVE-2023-34362 MOVEit vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
CA
Sun Life Assurance Company of Canada, Sun Life, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit, CVE-2023-34362, ransomware
139
13/07/2023
Since at least 2019
Since at least 2019
Chinese state-sponsored threat actors
Members of Parliament in the UK
Britain’s signals intelligence agency, GCHQ, reveals that it has observed Chinese state-sponsored threat actors “frequently” targeting parliamentarians in the country, according to a report from the Intelligence and Security Committee (ISC).
Targeted Attack
Public admin and defence, social security
Cyber Espionage
GB
GCHQ, China, Intelligence and Security Committee, ISC
140
13/07/2023
'Recently'
'Recently'
?
Norwegian Refugee Council (NRC)
The Norwegian Refugee Council (NRC) announces that it recently discovered a cyberattack targeting an online database that stores the personal information of project participants.
Targeted Attack
Extraterritorial orgs and bodies
N/A
NO
Norwegian Refugee Council, NRC
141
13/07/2023
Since April 2022
Since April 2022
GhostWriter (AKA UAC-0057, UNC1151)
Government entities, military organizations and civilian users in Ukraine and Poland
Researchers from Cisco Talos discover several campaigns by the Belarusian threat actor GhostWriter against government entities, military organizations and civilian users in Ukraine and Poland.
Researchers from eSentire discover a campaign exploiting Sorillus RAT, and a phishing page being delivered using HTML smuggled files and links using Google’s Firebase Hosting service.
Malware
Manufacturing
Cyber Crime
N/A
eSentire, Sorillus RAT, HTML smuggling, Google Firebase
143
13/07/2023
-
-
SocialKit LTD
iOS users in Europe
Apple takes down a fake Threads app in Europe, which was topping the charts of the most downloaded apps.
Malware
Individual
Cyber Crime
>1
iOS, Threads
144
13/07/2023
During 2023
During 2023
Red Menshen (AKA DecisiveArchitect or Red Dev 18)
Organizations in the telecommunications sector in Turkey and Hong Kong.
Researchers from Trend Micro discover a new campaign by the Red Menshen APT targeting organizations in the telecommunications sector in Turkey and Hong Kong via a Linux variant of the BPFDoor malware.
Malware
Information and communication
Cyber Espionage
HK
TR
Red Menshen, DecisiveArchitect, Red Dev 18, Trend Micro, BPFDoor
145
13/07/2023
11/03/2023
11/03/2023
?
Franklin Mutual Insurance Group (FMI)
The Franklin Mutual Insurance Group (FMI) files a notice of data breach after a ransomware attack resulted in an unauthorized party being able to access consumers’ sensitive information.
Malware
Finance and insurance
Cyber Crime
US
Franklin Mutual Insurance Group, FMI, ransomware
146
13/07/2023
Early July 2023
Early July 2023
?
Individuals in the U.S.
Researchers from Bitdefender warn of lottery scams ahead of National Lottery Day.
Scam
Individual
Cyber Crime
US
Bitdefender, National Lottery Day
147
13/07/2023
Early July 2023
Early July 2023
WormGPT
Multiple Organizations
A new generative AI cybercrime tool called WormGPT is advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise (BEC) attacks.
AI Chatbot
Multiple Industries
Cyber Crime
>1
WormGPT
148
14/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Shutterfly
Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware exploiting the CVE-2023-34362 MOVEit vulnerability.
Teachers Insurance and Annuity Association of America (TIAA)
Teachers Insurance and Annuity Association of America (TIAA) files a notice of data breach after discovering that it was hit by the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Teachers Insurance and Annuity Association of America, TIAA, Clop, Cl0p, MOVEit, CVE-2023-34362, ransomware
150
14/07/2023
-
18/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
Hillsborough County
Hillsborough County is impacted by the MOVEit CVE-2023-34362 vulnerability, and more than 70,000 residents are affected.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
US
Hillsborough County, TIAA, Clop, Cl0p, MOVEit, CVE-2023-34362, ransomware
151
14/07/2023
Since September 2022
Since September 2022
?
Unnamed government agency, a state bank and a telecommunications provider in Pakistan
Researchers from Trend Micro discover an MSI installer of the Pakistani government app E-Office delivering a Shadowpad sample, suggesting a possible supply-chain attack against an unnamed government agency, a state bank and a telecommunications provider.
Several instances of the Reddit alternative Lemmy are hacked by attackers who are apparently exploiting a zero-day vulnerability.
XSS Vulnerability
Information and communication
Cyber Crime
>1
Lemmy
153
14/07/2023
From late April through May 2023
From late April through May 2023
Hive0129
Customers of Latin American Banks
Researchers from IBM Security X-Force discover a new attack campaign using BlotchyQuasar RAT to target Latin Americans. The campaign was first detected in late April and continued through May.
Malware
Finance and insurance
Cyber Crime
>1
IBM Security X-Force, BlotchyQuasar RAT
154
14/07/2023
15/05/2023
08/05/2023
?
Park Royal Hospital
The Pavilion at Health Park dba Park Royal Hospital files a notice of data breach after discovering that confidential patient information was accessed through a compromised employee email account.
Account Takeover
Human health and social work
Cyber Crime
US
Health Park, Park Royal Hospital
155
14/07/2023
-
-
?
Fairfax Oral & Maxillofacial Surgery (FOMS)
Fairfax Oral & Maxillofacial Surgery (FOMS) files a notice of data breach after a cyber incident compromised patients’ protected health information.
Unknown
Human health and social work
Cyber Crime
US
Fairfax Oral & Maxillofacial Surgery, FOMS
156
14/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
GuidePoint Security
Vitality Group files a notice of data breach on behalf of GuidePoint Security after discovering that the MOVEit file transfer software used by Vitality contained a critical vulnerability that allowed an unauthorized party to access certain GuidePoint Security employees’ sensitive information.
American Multi-Cinema (AMC Theatres) files a notice of data breach after a cyber incident resulted in an unauthorized party being able to access consumers’ sensitive information. According to some sources, the incident stemmed from the exploitation of the MOVEit vulnerability.
The Idaho State Board of Education posts a notice of data on its website after learning that two of the Board’s vendors, the Teachers Insurance and Annuity Association (“TIAA”) and the National Student Clearinghouse (“NSC”), experienced data breaches related to the file-transfer software MOVEit.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Idaho State Board of Education, Teachers Insurance and Annuity Association, TIAA, National Student Clearinghouse, NSC, MOVEit, CVE-2023-34362, ransomware
159
14/07/2023
-
27/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
Undisclosed vendor
PlainsCapital Bank files a notice of data event after discovering that one of the bank’s vendors experienced a data breach related to the vendor’s use of the file-transfer program MOVEit.
Sunflower Bank files a notice of data breach after discovering that the MOVEit file transfer program used by the bank contained a critical vulnerability allowing hackers to access confidential customer information.
Athene Annuity and Life Company files a notice of third-party data breach after learning that a vendor used by Athene, Pension Benefit Information, LLC (“PBI”), experienced a data breach related to the popular file transfer application MOVEit.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Athene Annuity and Life Company, Pension Benefit Information, PBI, MOVEit, CVE-2023-34362, ransomware
162
14/07/2023
Between 26/04/2023 and 25/04/2023
-
?
Idea Financial (Idea 247)
Idea Financial (Idea 247) files a notice of data breach after discovering that an unauthorized party accessed a database containing confidential consumer information.
Unknown
Finance and insurance
Cyber Crime
US
Idea Financial, Idea 247
163
14/07/2023
-
02/06/2023
?
Wake Family Eye Care
Wake Family Eye Care files a notice of data breach after discovering that a recent ransomware attack compromised confidential patient information.
Malware
Human health and social work
Cyber Crime
US
Wake Family Eye Care, ransomware
164
14/07/2023
11/07/2023
11/07/2023
Rhysida
Città Nuova
The Rhysida ransomware gang hits Città Nuova, an Italian publishing house.
Malware
Arts entertainment, recreation
Cyber Crime
IT
Rhysida, ransomware, Città Nuova
165
14/07/2023
-
-
?
RCH
RCH, a provider of software and hardware solutions for points of sale, has its database dumped online.
SQLi
Professional, scientific and technical
Cyber Crime
IT
RCH
166
14/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Crowe
Global accounting and tax advisory firm Crowe confirms that it was hit by the Cl0p MOVEit breach.
The ransomware group ALPHV (AKA BlackCat) adds Highland Health Systems in Alabama to its leak site but removes the data a few days later, claiming the attack had violated its prohibition against attacking non-profits.
Malware
Human health and social work
Cyber Crime
US
Ransomware, ALPHV, BlackCat, Highland Health Systems
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags